Use EC crypto (instead of RSA) to workaround weird test timeout

When we use RSA private keys to sign our test certificates, we run
into strange test timeouts. The internal/controller/apicerts package
was timing out on my machine more than once every 3 runs. When I
changed the RSA crypto to EC crypto, this timeout goes away. I'm not
gonna try to figure out what the deal is here because I think it would
take longer than it would be worth (although I am sure it is some fun
story involving prime numbers; the goroutine traces for timed out
tests would always include some big.Int operations involving prime
numbers...).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler 2020-08-28 11:19:52 -04:00
parent a4fe76f6a9
commit ddb7a20c53
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
2 changed files with 8 additions and 5 deletions

View File

@ -7,8 +7,9 @@ package apicerts
import (
"context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"errors"
"testing"
@ -197,11 +198,12 @@ func TestExpirerControllerSync(t *testing.T) {
{
name: "parse cert failure",
fillSecretData: func(t *testing.T, m map[string][]byte) {
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
// See certs_manager.go for this constant.
m["tlsCertificateChain"] = x509.MarshalPKCS1PrivateKey(privateKey)
m["tlsCertificateChain"], err = x509.MarshalPKCS8PrivateKey(privateKey)
require.NoError(t, err)
},
wantDelete: false,
},

View File

@ -6,8 +6,9 @@ SPDX-License-Identifier: Apache-2.0
package testutil
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
@ -82,7 +83,7 @@ func (v *ValidCert) RequireMatchesPrivateKey(keyPEM string) {
// There is nothing very special about the certificate that it creates, just
// that it is a valid certificate that can be used for testing.
func CreateCertificate(notBefore, notAfter time.Time) ([]byte, error) {
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
}